GHSA-5JG5-XQFW-RV92 Microweber has a Cross-site Scripting vulnerability

Cross-site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

Microweber Cross-site Scripting vulnerability

There is a Cross-site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The...

Microweber has a Cross-site Scripting vulnerability

Cross-site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

PT-2026-6596

Name of the Vulnerable Software and Affected Versions Microweber versions prior to 2.0.20 Description A Cross Site Scripting issue exists in the /admin/order/abandoned API endpoint of the software. An attacker can manipulate the orderDirection parameter within a crafted URL. By enticing a user wi...

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

WordPress WP Table Builder plugin <= 2.0.19 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation vulnerability

Incorrect Authorization to Authenticated Subscriber+ Arbitrary Table Creation vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Table Builder versions = 2.0.19...

Intelbras ICIP 安全漏洞

Intelbras ICIP is an interface extension board from Intelbras, Brazil. A security vulnerability exists in Intelbras ICIP version 2.0.20, which stems from incorrect manipulation of the parameter NomeUsuario/SenhaAcess in the file /xml/sistema/acessodeusuario.xml, which could lead to improper stora...

tom-microservice (=3.2.28) potentially affected by CVE-2025-62380 via mailgen (=2.0.20)

mailgen NPM version =2.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on mailgen and may be impacted: - tom-microservice =3.2.28 Source cves: CVE-2025-62380 Source advisory: SNYK:JS-MAILGEN-13559301...

EUVD-2023-1804

Malicious code in bioql PyPI...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging of sensitive information during a connection failure. An attacker can gain access to sensitive data such as usernames and passwords by obtaining the logs where this...

CVE-2025-48493

The vulnerability CVE-2025-48493 affects the Yii 2 Redis extension (yii2-redis) used with Yii Framework 2.0. Prior to version 2.0.20, AUTH credentials are logged in plain text when a connection fails, exposing usernames and passwords to anyone with access to the logs. The issue is mitigated by up...

CVE-2025-48493 Yii 2 Redis may expose AUTH paramters in logs in case of connection failure

The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if...

CVE-2025-48493 Yii 2 Redis may expose AUTH paramters in logs in case of connection failure

The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if...

CVE-2024-29097

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins User profile allows Stored XSS.This issue affects User profile: from n/a through 2.0.20...

CVE-2025-25119

CVE-2025-25119 is a Cross-Site Scripting vulnerability in the WordPress plugin WooCommerce osCommerce Sync (NotFound)

WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Woocommerce osCommerce Sync versions = 2.0.20...